On Fri, 2012-09-14 at 11:49 +0200, David Jaša wrote: > John A. Sullivan III píše v Čt 13. 09. 2012 v 12:36 -0400: > > On Thu, 2012-09-13 at 20:16 +0430, Mohsen Saeedi wrote: > > > > > > > > > > > > John A. Sullivan III <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote on Thu, 13 > <snip>> > > > > > > We have also been toying with the idea of using KVM/KSM to move to a > > > > single server per user. This would provide much greater isolation and > > > > non-repudiation but we are concerned about the overhead of KVM on the > > > > KVM host and deduplication on the SAN. Thanks - John > > > I think so, spice has experimental feature for multiple client to > > > single windows XP now. is it true?? > > > and what is the details for idea of using KVM/KSM to move to a single > > > server per user? I didn't understand it very well. > > > Thanks > > This is something we are able to do splendidly well with VServer and > > X2Go (an NX implementation). With the VServer hashification feature, I > > can have 400 VMs on a host and only take one VM's worth of space for > > system files. > > oVirt (RHEV) templates will do the same for you. Then I had better start investigating it! Thanks. > > > Moreover, all instances in memory only take the space of > > one instance. Thus, we get deduplication and KSM almost for free. > > oVirt (RHEV) runs KSM only when the host memory gets fuller but I seem > to remember that guys were able to have high 1000's of % of memory > overcommit ratios I have heard rumors of high CPU utilization with KSM but we have not experimented enough with it ourselves to know. Is that an issue? > > BTW, how does VServer implement its memory sharing, isn't it KSM > internally too? No, it's a consequence of their "hashification." As an option, all duplicate files in the file system (there is a single file system in VServer although accessed via different namespaces) are replaced by immutable hard links. I'm not sure of the details but, because each of those files shares a common inode, I believe only one instance is loaded into memory. > > > Because the additional overhead is so minuscule (minimal memory and disk > > and almost no virtualization overhead since it is a container technology > > instead of a hypervisor), and because there are no licensing issues for > > our Linux desktops, it makes sense to give each user a dedicated VM. > > Not only does that give us excellent isolation from errant processes but > > it also means (because of the details of our implementation) that each > > user has a consistent IP address allowing us to correlate network events > > with specific users. > > in oVirt, your guest systems have stable MAC address so with properly > configured DHCP/DNS, you'd get the same. > > David <snip> _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel